
Commit 5357552

committed
patch 8.1.1365: source command doesn't check for the sandbox
Problem: Source command doesn't check for the sandbox. (Armin Razmjou) Solution: Check for the sandbox when sourcing a file.
1 parent 5c017b2 commit 5357552


3 files changed

+17
-0
lines changed


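--- a/src/getchar.c
+++ b/src/getchar.c
@@ -1407,6 +1407,12 @@ openscript(
 emsg(_(e_nesting));
 return;
 }
+
+// Disallow sourcing a file in the sandbox, the commands would be executed
+// later, possibly outside of the sandbox.
+if (check_secure())
+return;
+
 #ifdef FEAT_EVAL
 if (ignore_script)
 /* Not reading from script, also don't open one. Warning message? */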
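Review bot: The comment added above `if (check_secure())` names only the sandbox, while check_secure() is Vim's shared gate and, as I recall its definition (not shown on this page), also refuses when the `secure` flag is set, reporting a different error than E48. I would word it as `// Disallow sourcing a file in the sandbox or in secure mode: the commands would be executed later, possibly after the restriction has been lifted.` so a later reader does not narrow the call to a sandbox-only test. openscript() starts and ends outside this hunk, so whether its header comment should mention the restriction as well cannot be judged from here.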

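--- a/src/testdir/test_source.vim
+++ b/src/testdir/test_source.vim
@@ -36,3 +36,12 @@ func Test_source_cmd()
 au! SourcePre
 au! SourcePost
 endfunc
+
+func Test_source_sandbox()
+new
+call writefile(["Ohello\<Esc>"], 'Xsourcehello')
+source! Xsourcehello | echo
+call assert_equal('hello', getline(1))
+call assert_fails('sandbox source! Xsourcehello', 'E48:')
+bwipe!
+endfunc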
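Review bot: Test_source_sandbox() creates `Xsourcehello` with writefile() and never removes it, so the file stays behind in the test directory for whatever runs next; add `call delete('Xsourcehello')` before `bwipe!`. The sandbox case also asserts only that E48 is raised, so a regression that reports the error but still queues the script would pass. A follow-up assertion after the `assert_fails()` line that the buffer is unchanged, for example `call assert_equal(2, line('$'))`, would close that gap, assuming the first `source!` leaves exactly two lines, which should be confirmed when running the test.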

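--- a/src/version.c
+++ b/src/version.c
@@ -767,6 +767,8 @@ static char *(features[]) =
 
 static int included_patches[] =
 { /* Add new patch number below this line */
+/**/
+1365,
 /**/
 1364,
 /**/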
